As recently, information technology has been developed rapidly in various areas of the world, the role and the usability of the information technology has been increased. Every country makes investment in training personnel and R&D to raise inf...
다국어 입력
あ
ぁ
か
が
さ
ざ
た
だ
な
は
ば
ぱ
ま
や
ゃ
ら
わ
ゎ
ん
い
ぃ
き
ぎ
し
じ
ち
ぢ
に
ひ
び
ぴ
み
り
う
ぅ
く
ぐ
す
ず
つ
づ
っ
ぬ
ふ
ぶ
ぷ
む
ゆ
ゅ
る
え
ぇ
け
げ
せ
ぜ
て
で
ね
へ
べ
ぺ
め
れ
お
ぉ
こ
ご
そ
ぞ
と
ど
の
ほ
ぼ
ぽ
も
よ
ょ
ろ
を
ア
ァ
カ
サ
ザ
タ
ダ
ナ
ハ
バ
パ
マ
ヤ
ャ
ラ
ワ
ヮ
ン
イ
ィ
キ
ギ
シ
ジ
チ
ヂ
ニ
ヒ
ビ
ピ
ミ
リ
ウ
ゥ
ク
グ
ス
ズ
ツ
ヅ
ッ
ヌ
フ
ブ
プ
ム
ユ
ュ
ル
エ
ェ
ケ
ゲ
セ
ゼ
テ
デ
ヘ
ベ
ペ
メ
レ
オ
ォ
コ
ゴ
ソ
ゾ
ト
ド
ノ
ホ
ボ
ポ
モ
ヨ
ョ
ロ
ヲ
―
http://chineseinput.net/에서 pinyin(병음)방식으로 중국어를 변환할 수 있습니다.
변환된 중국어를 복사하여 사용하시면 됩니다.
예시)
- 中文 을 입력하시려면 zhongwen을 입력하시고 space를누르시면됩니다.
- 北京 을 입력하시려면 beijing을 입력하시고 space를 누르시면 됩니다.
А
Б
В
Г
Д
Е
Ё
Ж
З
И
Й
К
Л
М
Н
О
П
Р
С
Т
У
Ф
Х
Ц
Ч
Ш
Щ
Ъ
Ы
Ь
Э
Ю
Я
а
б
в
г
д
е
ё
ж
з
и
й
к
л
м
н
о
п
р
с
т
у
ф
х
ц
ч
ш
щ
ъ
ы
ь
э
ю
я
′
″
℃
Å
¢
£
¥
¤
℉
‰
$
%
F
₩
㎕
㎖
㎗
ℓ
㎘
㏄
㎣
㎤
㎥
㎦
㎙
㎚
㎛
㎜
㎝
㎞
㎟
㎠
㎡
㎢
㏊
㎍
㎎
㎏
㏏
㎈
㎉
㏈
㎧
㎨
㎰
㎱
㎲
㎳
㎴
㎵
㎶
㎷
㎸
㎹
㎀
㎁
㎂
㎃
㎄
㎺
㎻
㎽
㎾
㎿
㎐
㎑
㎒
㎓
㎔
Ω
㏀
㏁
㎊
㎋
㎌
㏖
㏅
㎭
㎮
㎯
㏛
㎩
㎪
㎫
㎬
㏝
㏐
㏓
㏃
㏉
㏜
㏆
RISS 인기검색어
https://www.riss.kr/link?id=T12927899
- 저자
-
발행사항
대전 : 忠南大學校 大學院, 2012
-
학위논문사항
학위논문(박사) -- 忠南大學校 大學院 , 컴퓨터과학과 전산학 전공 , 2012. 8
-
발행연도
2012
-
작성언어
한국어
- 주제어
-
DDC
621.39 판사항(22)
-
발행국(도시)
대전
-
기타서명
Study on Defense Information Security Management System and Evaluation Methodology Development
-
형태사항
vi, 130 p. : 삽화 ; 26 cm.
-
일반주기명
충남대학교 논문은 저작권에 의해 보호받습니다.
지도교수: 류재철
부록: 정보보호 관리체계 통제항목 설문
참고문헌 : p. 109-111 -
소장기관
- 국립중앙도서관
- 충남대학교 도서관
- 국립중앙도서관
-
0
상세조회 -
0
다운로드
부가정보
다국어 초록 (Multilingual Abstract)
As recently, information technology has been developed rapidly in various areas of the world, the role and the usability of the information technology has been increased.
Every country makes investment in training personnel and R&D to raise information ability for the future. And Every country has built IT adoption of a military information system first by developing IT infra and information communication service. But cyber breaches have been increased on a reverse side in proportion to be increased investment and usability to IT adoption.
Even though defense information security management system is not the same as ISMS which is ISO/IEC 27001, there is a military information affairs instructions which describes organization security evaluation and a military security affairs instructions which describes procedures and criteria for activities to audit and measure security in order to protect military information.
As threats have been increased in cyber space, military has analyzed and evaluated the vulnerabilities of each information system and organization since 2003.
But that is not enough to check and evaluate a large and complexity system as military information system comprehensively and systematically.
Therefore, this paper proposes the methodology to evaluate security information level for military information system and control items(13 control areas, 41 control items) which is specified to military information. Here, we developed the control items which is based on ISO/IEC 27001(BS7799) and is applied to the concept of SSE-CMM about production, development, and operation of security technology, CC about security level of information security products and systems, KCMVP about security level of cryptographic modules, nation security accreditation.
As information system has a special character that if one item among control items has at least low security level, the information system is weak. This paper proposed evaluation level which be reflected by this special character of the information system.
The method to evaluate the information security level of military information system is as following.
First, we check 4 management courses and 15 requirements according to PDCA(Plan-Do-Check-Act) which are covered by ISO/IEC 27001 or G-ISMS.
Second, we check 3 requirements and 12 check items according to documentation which are covered by ISO/IEC 27001 or G-ISMS.
Third, We choice control items which is proper to a special military information system. Here, the control items is proposed by this paper.
Forth, we perform to evaluate the military information system according to the control items chosen above. Here, the configuration of the military information system consist of management field, operation field, technology field and the main factors are assets, policy, organization, manager and user, physical and environmental facilities, security system, etc.
Fifth, we can decide the information security level which is applied to management system control items and evaluation level by the methodology to evaluate the information security level proposed by this paper.
Specially, the methodology which we proposed can be used as a base criteria to apply the real military information system. Considering special environment character of the military information system and current technology level, we optimized and developed the security control items of military information system.
The security control items and security evaluation level which is proposed by this paper in order to evaluate information security level for military information system can support to manage the operation and assets of military information system systematically and efficiently.
Every country makes investment in training personnel and R&D to raise information ability for the future. And Every country has built IT adoption of a military information system first by developing IT infra and information communication service. But cyber breaches have been increased on a reverse side in proportion to be increased investment and usability to IT adoption.
Even though defense information security management system is not the same as ISMS which is ISO/IEC 27001, there is a military information affairs instructions which describes organization security evaluation and a military security affairs instructions which describes procedures and criteria for activities to audit and measure security in order to protect military information.
As threats have been increased in cyber space, military has analyzed and evaluated the vulnerabilities of each information system and organization since 2003.
But that is not enough to check and evaluate a large and complexity system as military information system comprehensively and systematically.
Therefore, this paper proposes the methodology to evaluate security information level for military information system and control items(13 control areas, 41 control items) which is specified to military information. Here, we developed the control items which is based on ISO/IEC 27001(BS7799) and is applied to the concept of SSE-CMM about production, development, and operation of security technology, CC about security level of information security products and systems, KCMVP about security level of cryptographic modules, nation security accreditation.
As information system has a special character that if one item among control items has at least low security level, the information system is weak. This paper proposed evaluation level which be reflected by this special character of the information system.
The method to evaluate the information security level of military information system is as following.
First, we check 4 management courses and 15 requirements according to PDCA(Plan-Do-Check-Act) which are covered by ISO/IEC 27001 or G-ISMS.
Second, we check 3 requirements and 12 check items according to documentation which are covered by ISO/IEC 27001 or G-ISMS.
Third, We choice control items which is proper to a special military information system. Here, the control items is proposed by this paper.
Forth, we perform to evaluate the military information system according to the control items chosen above. Here, the configuration of the military information system consist of management field, operation field, technology field and the main factors are assets, policy, organization, manager and user, physical and environmental facilities, security system, etc.
Fifth, we can decide the information security level which is applied to management system control items and evaluation level by the methodology to evaluate the information security level proposed by this paper.
Specially, the methodology which we proposed can be used as a base criteria to apply the real military information system. Considering special environment character of the military information system and current technology level, we optimized and developed the security control items of military information system.
The security control items and security evaluation level which is proposed by this paper in order to evaluate information security level for military information system can support to manage the operation and assets of military information system systematically and efficiently.
As recently, information technology has been developed rapidly in various areas of the world, the role and the usability of the information technology has been increased.
Every country makes investment in training personnel and R&D to raise information ability for the future. And Every country has built IT adoption of a military information system first by developing IT infra and information communication service. But cyber breaches have been increased on a reverse side in proportion to be increased investment and usability to IT adoption.
Even though defense information security management system is not the same as ISMS which is ISO/IEC 27001, there is a military information affairs instructions which describes organization security evaluation and a military security affairs instructions which describes procedures and criteria for activities to audit and measure security in order to protect military information.
As threats have been increased in cyber space, military has analyzed and evaluated the vulnerabilities of each information system and organization since 2003.
But that is not enough to check and evaluate a large and complexity system as military information system comprehensively and systematically.
Therefore, this paper proposes the methodology to evaluate security information level for military information system and control items(13 control areas, 41 control items) which is specified to military information. Here, we developed the control items which is based on ISO/IEC 27001(BS7799) and is applied to the concept of SSE-CMM about production, development, and operation of security technology, CC about security level of information security products and systems, KCMVP about security level of cryptographic modules, nation security accreditation.
As information system has a special character that if one item among control items has at least low security level, the information system is weak. This paper proposed evaluation level which be reflected by this special character of the information system.
The method to evaluate the information security level of military information system is as following.
First, we check 4 management courses and 15 requirements according to PDCA(Plan-Do-Check-Act) which are covered by ISO/IEC 27001 or G-ISMS.
Second, we check 3 requirements and 12 check items according to documentation which are covered by ISO/IEC 27001 or G-ISMS.
Third, We choice control items which is proper to a special military information system. Here, the control items is proposed by this paper.
Forth, we perform to evaluate the military information system according to the control items chosen above. Here, the configuration of the military information system consist of management field, operation field, technology field and the main factors are assets, policy, organization, manager and user, physical and environmental facilities, security system, etc.
Fifth, we can decide the information security level which is applied to management system control items and evaluation level by the methodology to evaluate the information security level proposed by this paper.
Specially, the methodology which we proposed can be used as a base criteria to apply the real military information system. Considering special environment character of the military information system and current technology level, we optimized and developed the security control items of military information system.
The security control items and security evaluation level which is proposed by this paper in order to evaluate information security level for military information system can support to manage the operation and assets of military information system systematically and efficiently.
목차 (Table of Contents)
- 제 1장 서론 1
- 1.1 연구배경 및 목적 1
- 1.2 연구내용 2
- 1.3 연구방법 4
- 1.4 논문의 구성 5
- 제 1장 서론 1
- 1.1 연구배경 및 목적 1
- 1.2 연구내용 2
- 1.3 연구방법 4
- 1.4 논문의 구성 5
- 제 2장 국내외 정보보호 관리체계 연구 6
- 2.1 통제항목 중심의 평가 방법론 6
- 2.1.1 ISO/IEC 27001(BS7799) 6
- 2.1.2 FISMA 11
- 2.1.3 GMITS 12
- 2.1.4 K-ISMS 15
- 2.1.5 G-ISMS 19
- 2.1.6 NIS-ISMS 23
- 2.1.7 고등교육기관 정보보호 관리체계 26
- 2.2 프로세스 중심의 평가 방법론 28
- 2.2.1 COBIT 28
- 2.2.2 SSE-CMM 30
- 2.3 제품 중심의 평가 방법론 37
- 2.3.1 CC 37
- 2.3.2 KCMVP 46
- 2.3.3 보안적합성 검증제도 52
- 2.4 국방 정보보호 관리체계 현황 53
- 2.5 국내외 정보보호 관리체계 분석 56
- 2.6 국내외 정보보호 관리체계의 통제항목에 대한 설문 59
- 2.6.1 ISMS 전문가에 의한 국내외 정보보호 관리체계 통제항목에 대한 설문 59
- 2.6.2 ISMS 비전문가인 보안전문가에 의한 국내외 정보보호 관리 체계 통제항목에 대한 설문 62
- 2.6.3 국내외 정보보호 관리체계의 통제항목에 대한 설문 분석 64
- 제 3장 국방 정보보호 평가방법 65
- 3.1 국방 정보보호 관리체계 65
- 3.2 국방 정보보호 수준 평가방법 70
- 3.3 국방 정보보호 평가방법 분석 97
- 3.3.1 제안 통제항목과 ISO/IEC 27001 통제항목 비교 분석 97
- 3.3.2 제안 정보보호 수준평가와 국내 정보보호 수준평가 비교 분석 98
- 3.4 제안 정보보호 관리체계 적용 평가 사례 99
- 제 4장 결론 106
- 참고문헌 109
- 부록 정보보호 관리체계 통제항목 설문 112
- ABSTRACT 127
분석정보
이 자료와 함께 이용한 RISS 자료
나만을 위한 추천자료
